Senior OT Cybersecurity & CRA Compliance Architect

Posted Yesterday
Bedford, MA, USA
In-Office
Senior level
Information Technology • Consulting • Pharmaceutical • Chemical
The Role
Lead OT cybersecurity architecture and CRA compliance for GMP pharmaceutical manufacturing. Design and harden Rockwell PLC and Ignition SCADA environments, perform risk and gap assessments (IEC 62443, ISA‑95, NIST), support CSV/validation and FDA 21 CFR Part 11 data integrity, and guide remediation, incident response, and stakeholder engagement across multi‑site manufacturing.
Summary Generated by Built In
Position Overview

We are seeking a highly experienced Senior OT Cybersecurity & CRA Compliance Architect to lead cybersecurity architecture, cyber resilience, and regulatory compliance initiatives within a GMP-regulated pharmaceutical manufacturing environment.

This role will be responsible for designing, implementing, and governing secure Operational Technology (OT) environments, with a strong focus on Rockwell Automation PLC platforms (ControlLogix, CompactLogix) and Ignition SCADA systems. The successful candidate will play a critical role in ensuring compliance with the EU Cyber Resilience Act (CRA), IEC 62443/ISA99, ISA-95, GMP, and FDA 21 CFR Part 11 requirements while supporting digital transformation and manufacturing modernization initiatives.

The position requires a blend of OT cybersecurity expertise, regulatory compliance knowledge, and pharmaceutical manufacturing experience.

Key Responsibilities

OT Cybersecurity Architecture & Strategy
  • Lead the development, implementation, and continuous improvement of OT cybersecurity architecture across manufacturing and laboratory environments.
  • Define and maintain enterprise OT reference architectures aligned with the Purdue Enterprise Reference Architecture, including network segmentation, zones and conduits, and industrial DMZ design.
  • Develop cybersecurity standards, policies, and technical guidelines for industrial control systems and manufacturing platforms.
  • Collaborate with engineering, automation, validation, quality, and IT teams to integrate cybersecurity requirements into project lifecycles.

Cyber Resilience & Regulatory Compliance
  • Lead Cyber Resilience Act (CRA) implementation programs, readiness assessments, and remediation initiatives.
  • Conduct cybersecurity gap assessments against IEC 62443, ISA99, NIST Cybersecurity Framework, and pharmaceutical industry best practices.
  • Establish governance frameworks to ensure ongoing compliance with applicable regulatory and cybersecurity requirements.
  • Support regulatory inspections, internal audits, and customer audits related to cybersecurity and compliance.

Industrial Control Systems Security
  • Secure, harden, and maintain Rockwell Automation environments, including ControlLogix, CompactLogix, FactoryTalk, and associated engineering platforms.
  • Design and implement secure architectures for Ignition SCADA systems and supporting infrastructure.
  • Define and maintain secure configuration baselines for servers, engineering workstations, HMIs, and industrial network components.
  • Evaluate and implement cybersecurity controls for OT assets, including access management, logging, monitoring, and network security.

Risk Management & Vulnerability Management
  • Perform OT cybersecurity risk assessments, threat modelling, and security impact analyses.
  • Identify vulnerabilities and develop mitigation strategies while maintaining validated system status.
  • Define and oversee patch management and vulnerability remediation processes for validated GMP systems.
  • Support incident response planning, cyber resilience testing, disaster recovery, and business continuity initiatives.

GMP, Validation & Data Integrity
  • Ensure compliance with GMP requirements and FDA 21 CFR Part 11 regulations, including:
    • Electronic records and signatures
    • Audit trail integrity
    • Role-based access control (RBAC)
    • Data integrity controls
  • Support Computer System Validation (CSV) activities and documentation, including:
    • User Requirements Specifications (URS)
    • Non-Functional Requirements (NFR)
    • Functional Specifications (FS)
    • Design Specifications (DS)
    • Installation Qualification (IQ)
    • Operational Qualification (OQ)
    • Performance Qualification (PQ)
  • Provide cybersecurity expertise during validation and change control processes.

Stakeholder Engagement
  • Serve as a trusted advisor to manufacturing, quality, validation, engineering, and IT leadership teams.
  • Provide technical guidance and mentorship to engineering and cybersecurity teams.
  • Support strategic initiatives related to smart manufacturing, digital transformation, and OT modernization.

Requirements

Required Qualifications
  • Bachelor’s degree in Computer Science, Cybersecurity, Engineering, Information Technology, Automation Engineering, or a related discipline.
  • 10+ years of experience in OT cybersecurity, industrial automation, or control systems engineering.
  • 5+ years of experience within pharmaceutical, biotechnology, life sciences, or other regulated manufacturing environments.
  • Hands-on experience with:
    • Rockwell ControlLogix and CompactLogix PLC platforms
    • Ignition SCADA
    • Industrial networking and segmentation
    • OT infrastructure hardening
  • Strong knowledge of:
    • EU Cyber Resilience Act (CRA)
    • IEC 62443 / ISA99
    • ISA-95
    • NIST Cybersecurity Framework
    • GMP regulations
    • FDA 21 CFR Part 11
  • Experience conducting cybersecurity assessments, threat modelling, and remediation planning.
  • Experience supporting CSV and validation activities in regulated environments.
  • Excellent communication and stakeholder management skills.
Preferred Qualifications
  • Professional certifications such as:
    • ISC2 CISSP
    • ISACA CISM
    • GIAC GICSP
    • IEC 62443 Cybersecurity Expert Certification
  • Experience with FactoryTalk Suite, MES platforms, historians, and manufacturing execution systems.
  • Knowledge of cloud-connected industrial environments and Industrial IoT security.
  • Experience supporting global pharmaceutical manufacturing networks and multi-site OT environments.
Key Competencies
  • OT Cybersecurity Architecture
  • Cyber Resilience & CRA Compliance
  • Industrial Control Systems Security
  • Pharmaceutical Regulatory Compliance
  • Risk Assessment & Threat Modelling
  • GMP & Data Integrity
  • Computer System Validation (CSV)
  • Stakeholder Management
  • Strategic Leadership
  • Problem Solving & Continuous Improvement
Why Join Us?

This is an opportunity to play a critical role in securing next-generation pharmaceutical manufacturing environments while shaping cybersecurity and compliance strategies across highly regulated OT ecosystems. You will work at the intersection of industrial automation, cybersecurity, and regulatory excellence, helping ensure resilient and compliant operations that support the delivery of life-changing therapies to patients worldwide.

Skills Required

  • Bachelor's degree in Computer Science, Cybersecurity, Engineering, IT, Automation Engineering, or related discipline
  • 10+ years experience in OT cybersecurity, industrial automation, or control systems engineering
  • 5+ years experience within pharmaceutical, biotechnology, life sciences, or other regulated manufacturing environments
  • Hands-on experience with Rockwell ControlLogix and CompactLogix PLC platforms
  • Hands-on experience with Ignition SCADA
  • Hands-on experience with industrial networking and segmentation
  • Hands-on experience with OT infrastructure hardening
  • Strong knowledge of EU Cyber Resilience Act (CRA)
  • Strong knowledge of IEC 62443 / ISA99
  • Strong knowledge of ISA-95
  • Strong knowledge of NIST Cybersecurity Framework
  • Strong knowledge of GMP regulations
  • Strong knowledge of FDA 21 CFR Part 11
  • Experience conducting cybersecurity assessments, threat modelling, and remediation planning
  • Experience supporting Computer System Validation (CSV) and validation activities in regulated environments
  • Excellent communication and stakeholder management skills
  • Professional certifications such as ISC2 CISSP, ISACA CISM, GIAC GICSP, or IEC 62443 Cybersecurity Expert
  • Experience with FactoryTalk Suite, MES platforms, historians, and manufacturing execution systems
  • Knowledge of cloud-connected industrial environments and Industrial IoT security
  • Experience supporting global pharmaceutical manufacturing networks and multi-site OT environments

The Company
66 Employees

What We Do

Avacone is a Swiss-based service provider specializing in IT infrastructure and pharmaceutical engineering, delivering specialized solutions for regulated and non-regulated environments in the pharmaceutical, chemical, and medical technology sectors.
